Alarm Rationalization

Similar documents
excellence in Dependable Automation ALARM MANAGEMENT

Alarm Management. Alarm Management. DeltaV Whitepaper. February 2011 Page 1

Alarm Services. Introduction. Benefits. Service Data Sheet October Know and improve your alarm performance

Alarm Management Services

Alarm System Performance Metrics

DeltaV Analyze. Introduction. Benefits. Continuous automated DeltaV System alarm system performance monitoring

Economic and Effective Alarm Management

Q&A Session from Alarm Management Workflow Webinar (Apr.24/2013)

Alarm Management Plan

DeltaV Distributed Control System December 2017

DeltaV Analyze. DeltaV Analyze. Introduction. DeltaV Product Data Sheet. Continuous automated DeltaV System alarm system performance monitoring

Effective Alarm Management for Dynamic and Vessel Control Systems

Sustain.Ability. Alarm Management: Be Pro-active, not Re-active Honeywell Users Group Europe, Middle East and Africa. Tyron Vardy, Honeywell

DynAMo Alarm & Operations Management

2012 Honeywell Users Group EMEA Tyron Vardy A Guide to Effective Alarm Management

DeltaV Operate. Product Data Sheet DeltaV Operate December 2006 Page 1. Introduction. Benefits

Alarm Management Reflections

DeltaV Operate. DeltaV Operate. Introduction. DeltaV Product Data Sheet. Robust and secure plant operations

Alarm Management for SCADA control rooms

Session Number: 3 Making the Most of Alarms as a Layer of Protection

Exaquantum/ARA Alarm Reporting and Analysis

Alarm Management Standards Are You Taking Them Seriously?

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

ABB Ability System 800xA Alarm Management

2012 Honeywell Pacific Users Group. Sus tain.ability.

Enhance Alarm Management

DON T JUST REPORT ON ALARMS, TAKE

Ovation Alarm Management System

Where Technology Shapes Solutions. Alarm management : Wasn t that problem already solved years ago?

Product introduction Layers of Protection Layer 3: Safety System Instrumented & Mechanical. Layer 2: Alarms Manual action needed

Diagnostics with fieldbus

DeltaV Live. Introduction. Benefits. Modern, built-for-purpose operations experience

Too Many Alarms: Where Do I Begin?

The Top 10 Worst Performing Alarm Systems in Industry

Alarm Management for Pipelines

Benchmarking Industry Practices for the Use of Alarms as Safeguards and Layers of Protection

Meeting PHMSA Alarm Management Requirements: How TiPS Can Help

Alarm Management. Version Prepared by: Michael Davis- Hannibal. Softcon Software Control Services (Pty) Ltd.

Kevin Brown and Chris Stearns

excellence in Dependable Automation The Alarm Shelving ebook

InstrumentationTools.com

SCADA ALARM MANAGEMENT. Tim Okely. GWMWater

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

IEC61511 Standard Overview

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Improvements in Transmission Control Center Alarm Management Practices

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Alarms play a significant role in maintaining plant

Safety Instrumented Systems The Smart Approach

Understanding and Applying the ANSI/ISA 18.2 Alarm Management Standard

EXPORTING ALARM SETPOINTS IN SIEMENS PCS7

Is your current safety system compliant to today's safety standard?

Next Generation Alarm Management With DynAMo Alarm and Operations Management

ADIPEC 2013 Technical Conference Manuscript

USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES

Enhanced FOUNDATION Fieldbus Physical Layer Diagnostics with the DeltaV System

FAST/TOOLS. Alarm System Performance Analysis (ASPA) Bulletin 50A01A00-02EN

2015 Functional Safety Training & Workshops

General Specifications

Failure Modes, Effects and Diagnostic Analysis

DYNAMO ALARM MANAGEMENT

Safety Instrumented Systems

New requirements for IEC best practice compliance

Understanding the New IEC Alarm Management Standard A PAS White Paper

excellence in Dependable Automation

Options for Developing a Compliant PLC-based BMS

Scope of Work Urban Design Review Framework Monitoring Program Item #7.1

Patriot Systems Limited

HAZARDS EQUAL TRIPS OR ALARMS OR BOTH

2015 Honeywell Users Group Europe, Middle East and Africa

Compact HMI Overview

Safety Instrumented Fire & Gas Systems

Updated May 15, OASyS DNA and Control Room Management Compliance Statement

DATA SHEET BENEFITS CURRENT CHALLENGES SSM INFOTECH S X-FORCE AMS - THE IDEAL SOLUTION

Advanced Diagnostics for HART Protocol Rosemount 3051S Scalable Pressure, Flow, and Level Solutions

Stavros Chrysanthou Madrid DynAMo Alarm Management Secrets to unlocking complete Operational Integrity

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Current Trends in SCADA Systems. Situational Awareness Alarm Management Data Availability System Robustness/Redundancy

Control System Studio - CSS - Alarm Handling

OPTIMIZING YOUR TECHNOLOGY INVESTMENT WITH SERVICE AND SUPPORT

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

Securing and Protecting Process Plants in the Digital Age Functional safety requires IT security

ANALYSIS OF HUMAN FACTORS FOR PROCESS SAFETY: APPLICATION OF LOPA-HF TO A FIRED FURNACE. Paul Baybutt Primatech Inc. and

Product Brief for Alarm Analytics V9.2 April 2010

Closing the Holes in the Swiss Cheese Model Maximizing the Reliability of Operator Response to Alarms

KELTRON LS 7000 ALARM MANAGEMENT SYSTEM Keltron Alarm Monitoring, Dispatch, and Reporting Software

DeltaV Connect Solution for Honeywell Systems

MIRA Black Start User Guide. Monitoring Analytics, LLC. Version 1.0: April 18, Monitoring Analytics

Martin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY

Alarm Management Optimization (AMO) at Saudi Aramco

BRIDGING THE SAFE AUTOMATION GAP PART 1

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

Hazards Equal Trips or Alarms or Both

ALARMING NEWS FROM INVENSYS PROCESS SYSTEMS, INC.

Tom Miesner Principal Pipeline Knowledge & Development

White Paper: Video/Audio Analysis Technology. hanwhasecurity.com

Fire and Gas Detection and Mitigation Systems

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

2013 Compliance Report RCW 52.33

PERFORMANCE HUMAN NEXT-GENERATION SCADA HIGH. MACHINE INTERFACES Configuring HMIs to Display Operator-centric Information

Transcription:

DeltaV Distributed Control System White Paper October 2016 Alarm Rationalization This document examines the ISA-18.2 alarm rationalization process for DeltaV Process Automation Systems, utilizing alarm rationalization software provided by exida, LLC. Rationalization is one step in the alarm management lifecycle defined in ANSI/ISA-18.2-2009 Management of Alarm Systems for the Process Industries. In this step, identified candidate alarms are judged against principles established in an alarm philosophy document to qualify which are legitimate alarms, to specify their design, and to capture rationale and other information to guide operator response.

Table of Contents Introduction... 3 Executive Overview... 3 What is Alarm Rationalization... 4 Benefits of Rationalization... 4 What is an Alarm... 4 Alarm Rationalization is a Team Effort... 5 Organizing for Success... 5 The Rationalization Method... 6 Rationalization Scope... 6 Estimating the Required Time... 7 An illustration using SILAlarm... 8 Defining the Alarm Rationalization Rules... 9 Rationalizing an Individual Alarm... 10 Rationalizing Alarms in Bulk... 18 After Rationalization is Complete... 21 Ten Tips for Effective Rationalization... 22 References... 23 www.emerson.com/deltav 2

Introduction In modern control systems it takes very little effort to add an alarm. Consequently operators are increasingly overloaded with more alarms than they can handle effectively and inundated with nuisance alarms. These factors increase the likelihood that they miss a critical alarm and make it more difficult to respond to a plant upset, raising the chance of an unplanned shutdown or an accident. The ISA-18.2 standard was created to help industry implement effective alarm management practices. It provides a framework and methodology for the successful design, implementation, operation and management of alarm systems and presents techniques to help end-users address the most common alarm management issues. As such it is expected to be accepted as Good Engineering Practice by insurance companies and regulators alike. One of the most important practices described in ISA-18.2 is alarm rationalization, which is a process for reviewing and documenting the alarms in a system to ensure that they are truly needed and are designed to help the operator diagnose and respond to the situation. Executive Overview Alarm rationalization is a systematic work process to evaluate all potential or existing alarms against principles established in an alarm philosophy document, to qualify which are legitimate alarms, to specify their design, and to capture rationale such as cause, consequence and corrective action which can be used to guide operator response. The principal benefits of alarm rationalization are reduced alarm load on the operator, elimination of nuisance alarms, and prioritization to help the operator respond to the most critical alarms first, all of which lead to improved operator effectiveness. The alarm rationalization team is formed from in-house staff representing operations, control engineering, maintenance and other disciplines as required. To achieve consistent results and work efficiently the team will require training, management commitment to allow adequate time and resources, a skilled independent facilitator and software designed specifically for the purpose of alarm rationalization. After a period of initial ramp-up it is expected that the team could rationalize upwards of 150 alarms (roughly 25 control modules) per day. Results may vary depending upon application complexity and team dynamics. In the case of an existing plant the process typically begins by benchmarking alarm system performance and identifying bad actors using tools such as DeltaV Analyze. Rationalizing the bad actors provides immediate benefit to operations and a quick payback on the effort. Periodic benchmarking of alarm system key performance indicators is essential to measuring success and directing ongoing alarm rationalization. Emerson and exida have formed an alliance to ensure that a complete Alarm Management Lifecycle solution is available to aid clients with implementing a sustainable lifecycle approach that complies with the ISA-18.2 standard. The solution incorporates tools and capabilities for alarm rationalization (SILAlarmTM by exida), operator alarm response procedures (DeltaV Alarm Help), analysis and benchmarking of alarm system performance (DeltaV Analyze / Plantwide Event Historian), and the expertise of both companies. This whitepaper describes the basic work activity of the rationalization team using SILAlarm, along with other practical advice for setting up and sustaining an effective alarm rationalization process. www.emerson.com/deltav 3

What is Alarm Rationalization When it comes to alarms, more is not better. The ideal is to create a system containing the minimum set of alarms needed to keep the process safe and within normal operating limits. Alarm rationalization is a process where a cross-functional team of plant stakeholders reviews, justifies, and documents that each alarm meets the criteria for being an alarm as set forth in a company s alarm philosophy document. Rationalization also involves defining the attributes of each alarm (such as limit, priority, classification, and type) as well as documenting the consequence, response time, and operator action. The output of rationalization is a Master Alarm Database (also known as an alarm catalog) containing the alarm configuration requirements. Benefits of Rationalization Rationalization is a key stage in the alarm management lifecycle defined in ANSI/ISA-18.2-2009 Management of Alarm Systems for the Process Industries, or ISA-18.2 for short. It forms the basis for implementing an alarm configuration and optimizing the performance of the alarm system. [1] After completing a thorough rationalization: The alarm system can be expected to provide significantly fewer alarm activations and less nuisance alarms (chattering, fleeting or stale alarms). Operator response to alarms will be more swift and effective because alarms are more trusted, accompanied by good guidance, prioritized for correct action sequence, and free from clutter of secondary and often redundant alarms. What is an Alarm As defined in ISA-18.2, an alarm is An audible and/or visible means of indicating There must be an indication of the alarm. An alarm limit can be configured to generate control actions or log data without it being an alarm. to the operator The indication must be targeted to the operator to be an alarm, not to provide information to an engineer, maintenance technician, or manager. an equipment malfunction, process deviation, or abnormal condition The alarm must indicate a problem, not a normal process condition. requiring a response. [1] There must be a defined operator response to correct the condition. If there is no operator response necessary, then there should not be an alarm. One of the main purposes of rationalization is to ensure that each alarm is unique, meets the above criteria, and is the best indicator of an abnormal situation. www.emerson.com/deltav 4

Alarm Rationalization is a Team Effort Alarm rationalization is an activity that is performed in a team setting amongst key stakeholders representing the various functions within a plant. It should be performed by representatives with the knowledge and skills listed below. In some cases, one person may have the knowledge to represent several different areas. Specific roles may need to attend only on an as-needed basis. Production and/or Process Engineers familiar with the process workings, economics, and with the control system. Operators - Preferably two operators from different shift teams with experience in use of the control system Process Control Engineering - particularly when advanced control strategies or ESD logic are discussed Safety and Environmental Engineers (part time as needed) Maintenance / Equipment Reliability (part time as needed, usually when specific equipment is discussed) Management (Kick-off) Instrumentation/Analyzer Specialists (part time as needed) Alarm Management Facilitator [2] Rationalization can be a resource intensive process. The alarm management facilitator plays a key role in orchestrating the process and making sure that it remains focused. The characteristics of a good facilitator are: Ensures that everyone stays involved Makes sure that everyone has a defined role and sticks to it Is independent and neutral (has no responsibility for the process area that is being rationalized) Keeps the process moving Is able to manage the tension and emotion of the activity Does not participate in the debates Reinforces the rules of alarm management as defined in the alarm philosophy Organizing for Success The key ingredients to a start a rationalization program are: An alarm philosophy document, to establish the rules and key performance benchmarks. To a large extent rationalization is the application of these rules to each potential alarm. In the absence of a good alarm philosophy, the rationalization effort will falter. Benchmark of actual alarm system performance (brown field systems) including alarm load, as well as identification of nuisance alarms and frequently occurring alarms. Alarm rationalization software, to provide an organizational structure for review of individual alarms, productivity tools to relate/clone groups of alarms with similar aspects, management of change controls, and ability to document the results in a usable format (Master Alarm Database). A rationalization team, with core members representing the operations, process, instrumentation and system engineering disciplines. A well qualified impartial facilitator to lead the rationalization team. For existing (brown field) systems, a complete accurate list of all the current alarms and their configuration settings (priority, limit, hysteresis & delay, etc.) www.emerson.com/deltav 5

Other important information to have on hand includes: Current P&ID documents Current Process / ESD / F&G Cause and Effect Charts Current Vendor Package Cause and Effects (For Compressor s, other auxiliary packages.) Hazard & Risk Analyses (PHA/HAZOP reports, LOPA Results, Safe Operating Limits) Critical Operating Procedures System documentation tools for mapping tags across the automation assets A list of alarms that are duplicated in External Annunciation Panels The Rationalization Method The basic methodology used by the rationalization committee is relatively simple. Pick a piece of equipment, unit or control module, then discuss its configured and possible alarms. Decide if the alarm is similar / identical to other alarms that have already been rationalized. For example if all compressors are to be treated the same, then information can be copied from the first set of compressor alarms in order to minimize level of discussion needed. Determine if the alarms are justified. What is the consequence(s) if the alarm was not addressed? Is there an available operator action to mitigate the event and sufficient time to do so? Note that acknowledging an alarm or writing an entry in a logbook is not considered a valid operator action as these responses do not impact the event. Check to see if this alarm is duplicated by another alarm. If so, pick only one to keep that is the best indicator of the anomaly. Determine the correct priority based on the alarm philosophy rules. Typically it is a function of time to respond and consequence of inaction. Document all that is known and may be of use to the operator, such as possible cause, method to confirm/validate the alarmed condition, and recommended corrective action(s). Document agreed-upon modifications to alarm attributes or specifications if the alarm is new. These would include the limit, hysteresis, off/on delays, conditional alarming, etc. For processes with differing operating states, specify alarm settings that track the operational state of the plant. Rationalization Scope Because alarm rationalization can be a resource intensive activity, the scope is often chosen to maximize the benefit received from the level of effort expended. This typically results in taking the path of a full rationalization or a limited (focused) rationalization. In a full rationalization, which is typically done for new (green field) facilities, all alarms are rationalized. In a limited rationalization, alarms are rationalized in stages based on the following: Are part of a specific process area or subsystem (typically the most critical) Has been pinpointed as a bad actor / nuisance alarm Are Low hanging fruit that can provide immediate benefit to operations Have been highlighted from operator feedback Are most critical to plant safety and operations Are part of an Operator s span of control www.emerson.com/deltav 6

To maintain consistency it is recommended to implement alarm system changes for an entire console based on the operator s span of control. This improves consistency as the operator knows that all alarms for which they are responsible have been rationalized. Estimating the Required Time A thorough alarm rationalization can use significant personnel resources. For larger systems with thousands of I/O points, the cost can add up. This must be balanced against the potential cost of an incident, which typically far exceeds the cost of rationalization. The time to rationalize the alarm system can be minimized via effective facilitation and by use of tools and techniques which streamline the process. Brute force approaches will take longer than those which divide up the database to capitalize on commonality of alarms or equipment. Pre-populating the master alarm database with all relevant information before the team meets has been shown to double the number of alarms that can be rationalized per day, which is a figure of merit that is typically used to measure efficiency. Benchmark metrics vary across the industry and published literature: 20 to 30 tags per day (Ref: Large Oil & Gas Company)) 100 to 200 alarms per day [3] 300 to 400 alarms per day is possible with good prework [3] While no performance assurances can be given, a reasonable conservative figure to use for budgetary estimation is 150 alarms per day, equating roughly to 25 DeltaV control modules. www.emerson.com/deltav 7

An illustration using SILAlarm The following section describes how to rationalize the alarms in a DeltaV process automation system using exida s SILAlarm tool according to the rules defined in a company s alarm philosophy document. It walks the user through the process of rationalizing an individual alarm, as shown below in Figure 2. The rationalization workflow process can be tailored based on the information that is to be recorded in the Master Alarm Database (defined in the alarm philosophy). For example the Safety step, which allows for documenting alarms that are also an independent layer of protection (IPL) or a safeguard defined in a Process Hazards Analysis, can be hidden so that they are removed from the workflow process when not relevant. To boost the efficiency and productivity of the rationalization committee, this paper also describes key SILAlarm functionality that can be used to streamline the process by rationalizing alarms in bulk. Figure 2 Process of Rationalizing an Individual Alarm. Using SILAlarm www.emerson.com/deltav 8

Defining the Alarm Rationalization Rules Having an alarm philosophy document in place is a pre-requisite before rationalization can begin. The alarm philosophy document typically contains the rules for prioritizing and classifying alarms, default settings for deadband and on/off delay, as well as approved advanced alarming techniques. This information is entered into SILAlarm as a means of enforcing the rules of the philosophy and to ensure consistent application of alarm management principles. One of the most important outputs of rationalization is a database of alarms (Master Alarm Database) which is prioritized according to the urgency of the operator s response and the severity of the potential consequences if no action is taken. In SILAlarm s setup wizard relative thresholds can be defined for operator response and for the different consequence categories defined in the alarm philosophy. This information will be used to prioritize the alarm. Several prioritization methods are available in SILAlarm, including the use of a severity vs. time to respond table. Figure 3 Defining Operator Response Time and Consequence Thresholds. The consequence descriptions are used to populate a table of Operator Urgency (Time to Respond) vs. Consequence. Alarm priority is then assigned for each cell in the table. Default DeltaV priorities include; Log (3), Advisory (7), Warning (11), and Critical (15). www.emerson.com/deltav 9

Figure 4 Assigning Alarm Priority Based on Operator Urgency and Consequence of Inaction. Rationalizing an Individual Alarm Before beginning, the master alarm database (alarm catalog) should be populated with potential and/or existing alarms. This is typically done by exporting the control system configuration to a.csv file, using the DeltaV bulk edit tool, and importing the alarm configuration into SILAlarm. This allows alarms from various DeltaV sources to be brought into a common database and rationalized in a consistent fashion: Process Foundation Fieldbus (FF) SIS Hardware HART Wireless HART Once the alarm configuration is loaded into SILAlarm, rationalization begins by selecting an individual alarm. In this example the 6TI896-08 High Alarm has been selected. www.emerson.com/deltav 10

Once the alarm configuration is loaded into SILAlarm, rationalization begins by selecting an individual alarm. In this example the 6TI896-08 High Alarm has been selected. Figure 5 Selecting the 6TI896-08-High Alarm from the Alarm List View. Clicking on the Rationalize the Selected Alarms button calls up the Basic Alarm data screen which displays the module configuration details that were imported from the DeltaV configuration. Information can be updated / corrected from this screen. Click on the Next Tab (Priority) button to move to the next step in the process. Figure 6 Basic Alarm Data. www.emerson.com/deltav 11

Alarm priority is determined by analyzing what the direct consequences would be if no action was taken by the operator and based on how much time the operator has to respond. Consequences are typically evaluated from different points of view as defined in the alarm philosophy, such as Health & Safety, Economic, and Environment. They are assigned to a level (in this case [C0] through [C5]) based on the descriptions that are defined in the alarm philosophy document (eg. a [C2] Minor Economic Loss is defined as a failure that results in a cost of 10 100K USD.) After estimating Operator Urgency (time to respond), the recommended priority is determined via table lookup for the consequence with the highest severity. In the event that the consequences are not significant, there is not enough time to respond, or there is no defined operator action, the alarm can be flagged for removal (which means that it would be disabled in the DeltaV configuration). Figure 7 Determination of Alarm Priority based on the Severity of Consequences and Time to Respond. Documenting the cause of the alarm, the consequence of inaction, the operator s corrective action, methods of confirming the alarm and purpose (design intent) is an important step in the rationalization process. An example of corrective action is starting a backup pump or manually opening a valve. Acknowledging the alarm or making a shift note entry is not considered a valid operator response to an alarm as these actions do not help correct the problem. www.emerson.com/deltav 12

This information is valuable for use in operator training and can be provided to the operator through DeltaV Operate as a means of helping them to respond more quickly and accurately during an upset condition. Figure 8 Documenting Alarm Cause, Consequence, Corrective Action, and Confirmation. Classification is a method for organizing alarms by common characteristics and requirements. It is typically used to group alarms together which have similar requirements for training, testing, alarm record retention, audit frequency, and management of change. Alarms can be part of more than one class. Classification often takes into account the source (identification) of the alarm, such as a Hazard and Operability Study (HAZOP) or an environmental permit. Figure 9 Alarm Classification. www.emerson.com/deltav 13

Determination of the alarm setpoint (limit) is another important step during the rationalization process. SILAlarm calculates a recommended alarm limit (called the alarm threshold) based on user entered values for minimum operator response time, consequence threshold, normal operating limit, process deadtime, and rate-of-change. This calculation is provided along with the current alarm limit (imported from DeltaV) and the mid-threshold limit (the value which is midway between the normal operating limit and the consequence threshold). The user may select amongst these calculated limits or override based on operational experience. An estimated time to respond is calculated for the selected alarm limit and compared to the minimum response time and the process safety time (if known), to determine whether the operator has sufficient time to respond when compared to these metrics. Figure 10 Alarm Setpoint (Limit) Determination. Industry studies have shown that one of the primary causes of nuisance alarms is the use of inappropriate alarm deadband (hysteresis) and on/off delays. SILAlarm allows the user to easily configure the deadband, signal filter, and on/off delays based on the default values that are defined in the alarm philosophy. www.emerson.com/deltav 14

Figure 11 Configuration of Alarm Tuning (Deadband and Delays). Some alarms occur predictably during specific equipment states or process operating modes. They should be suppressed from the operator during these conditions because they are not relevant and can hamper their response. For other alarms, the limit, priority and operator action can be a function of state or mode. To address these situations, SILAlarm alarm supports the engineering and design of advanced alarming techniques such as shelving, first-out alarming, alarm flood suppression, state-based suppression, and dynamic alarming. Figure 12 Advanced Alarming Configuration. www.emerson.com/deltav 15

Safety implications and design details of alarms that are identified as safety-critical can also be documented. This helps ensure that safety alarms are treated appropriately during the rationalization process and provides traceability between the design of the alarm system and the safety system. Figure 13 Documenting Safety Relevant Information. www.emerson.com/deltav 16

An effective alarm system provides the right information to the right people at the right time. SILAlarm allows the rationalization team to optionally define the annunciation source of the alarm (eg. HMI or Alarm Horn) and the plant personnel that should receive the alarm (e.g. Operator or Maintenance Technician). This capability can be used for example, to help route diagnostic alarm information to the maintenance department for resolution in addition to, or instead of, the operator. Figure 14 Documenting Alarm Source and Target. After completing the rationalization of an alarm, its status can be changed to one of the following conditions in order to track it through the workflow process: Incomplete (Default) Pending Approval Under Review Approved Configured Deconfigured Rejected Comments can be recorded in the change log, and follow up actions can be defined and assigned. The team that worked on the Rationalization is also recorded in the log and the settings can be approved (which locks out further changes). www.emerson.com/deltav 17

Rationalizing Alarms in Bulk Figure 15 Alarm Rationalization Approval / Change Log. Alarm Rationalization can be a very resource intensive activity. The SILAlarm tool includes various bulk engineering capabilities in order to streamline the process and make it as efficient as possible. This reduces the average amount of time it takes to rationalize an alarm. To streamline the workflow, information can be copied from a rationalized alarm to an unrationalized alarm(s). Copying of information can be done for an individual tab (such as copying the operator decision support information) as shown below by using the Base Response On button. Figure 16 Copying Operator Response Information from one alarm to the next. www.emerson.com/deltav 18

Multiple alarms can be displayed at the same time so that common information can be entered simultaneously. Figure 17 Displaying Multiple Similar Alarms Side-by-Side. When alarms are similar because they are part of a recurring equipment design or application, information can be copied from a rationalized alarm to multiple unrationalized alarms at the same time (template approach). The specific information to be copied is selectable by tab (e.g. prioritization, operator decision support, setpoint determination ). Figure 18 Copy alarm rationalization Details from a Template to Multiple Similar Alarms. www.emerson.com/deltav 19

The alarm database can be filtered in multiple ways (e.g. process area, tag description, block type, current status etc) to facilitate selection of alarms to rationalize based on commonality of equipment, design, control module type etc. Figure 19 Filtering Alarm List to Focus on Rationalization of a particular type of devices www.emerson.com/deltav 20

After Rationalization is Complete After rationalization has been completed, the updated alarm database can be exported from SILAlarm and imported into the DeltaV Engineering station using the bulk edit tools. This allows alarm settings to be updated automatically in bulk without requiring manual configuration changes. It also can populate the fields of DeltaV s Alarm Help system with the results. Reports can be generated to document the alarm system design for use in the configuration process or for use by operations. Alarm response reports can be created which display key alarm information (cause, corrective action, confirmation, time to respond) to the operator online through DeltaV Operate. Figure 20 Sample Alarm Response Report www.emerson.com/deltav 21

Ten Tips for Effective Rationalization 1. Preparation of the initial master alarm database prior to rationalization is critical to success. Without a complete and accurate database, or in the case of a new system a sufficient list of potential alarms, progress will be hindered. 2. All participants must understand and embrace the alarm definition and rules set out in the alarm philosophy. All participants have to be on the same page. 3. Participation by all required disciplines, at every meeting of the rationalization team, is a must. Human resource planning is the key. 4. Allot ample time for rationalization. Time can be managed by reviewing one-time processes that are significantly alike, such as reactors, compressors, etc. doing the identical process. 5. Plan ahead such that subject matter experts from outside the core team can be brought in when required. Safety, Environmental and Maintenance and other specialty disciplines will need time to prepare. Consider providing a pre-meeting document to explain the key tenants of alarm definition, philosophy and rationalization. 6. Be rigorous in the consistent application of alarm philosophy rules. Exceptions must be well documented and should be infrequent. Failure to do so will lead to countless wasted hours in discussion of philosophy and produce a final outcome where individual Operator judgments and interpretation will fill the gap created by variable alarm system behavior. 7. Expectations can run high when the decision is made to undertake an alarm rationalization program to address the alarm problem at an existing site. Thus it is typically worthwhile to devote some of the early effort tackling points with bad actor alarms. Operators will appreciate the elimination of fleeting/chattering alarms and management can see that the rationalization program is producing useful results. Note this approach can result in inefficient rationalization committee effectiveness so try to move past this phase expeditiously. 8. Don t forget about diagnostic alarms and FOUNDATION Fieldbus and HART device alerts. These are often responsible for a large percentage of alarm traffic and are typically considered nuisance alarms by an operator. Rationalization should strive for a consistent prioritization, determination of whether the operator needs to see the alarm, and creation of a message that is understandable and actionable. 9. It is generally not useful to assume multiple cascading failures when considering an alarm consequence scenario. Only the direct (proximate) consequences should be considered. While it may be the case that a protective system could fail further compounded by a subsequent incorrect human response, such what-if considerations are likely to lead to a vast skewing of alarm priorities to critical. Rationalization works best when it is assumed that the design and reliability of systems and work processes are functioning as expected. 10. It is generally a waste of time to ponder the probability of an alarm. Simply accept that it has happened and proceed to qualify and optimize the alarm following the rationalization process rules. www.emerson.com/deltav 22

References 1. ANSI/ISA ISA18.2-2009, Management of Alarm Systems for the Process Industries. 2. ISA-18.2 TR2, Alarm Identification and Rationalization (Technical Report Draft). 3. ISA Course IC39C, Introduction to the Management of Alarm Systems. 4. Engineering Equipment and Materials User Association, Alarm systems: A guide to design, management, and procurement (Pub. No. 191), London: EEMUA, 1999. Other related Whitepapers, available at http://www2.emersonprocess.com/en-us/brands/deltav/whitepapers/pages/whitepapers.aspx 5. DeltaV Alarm Help 6. DeltaV Alarm Sounds Emerson North America, Latin America: +1 800 833 8314 or +1 512 832 3774 Asia Pacific: 65 6777 8211 Europe, Middle East: +41 41 768 6111 www.emerson.com/deltav 2016, Emerson Process Management. All rights reserved. The Emerson logo is a trademark and service mark of Emerson Electric Co. The DeltaV logo is a mark of one of the Emerson Process Management family of companies. All other marks are the property of their respective owners. The contents of this publication are presented for informational purposes only, and while every effort has been made to ensure their accuracy, they are not to be construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. All sales are governed by our terms and conditions, which are available on request. We reserve the right to modify or improve the designs or specifications of our products at any time without notice.

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback